[Noisebridge-discuss] noisebridge.net SSL cert
Brian Ferrell
endenizen at gmail.com
Wed Feb 3 21:30:58 UTC 2010
On Wed, Feb 3, 2010 at 12:23, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> https://noisebridge.net/wiki/Noisebridge cannot and should not redirect.
>
> You can not (that I know of) cause a redirect in the SSL/TLS handshake.
Ah, thanks for that. Makes sense when you think about it...
So to fix the problem* of visitors seeing the "omg this certificate is
invalid" warning it seems there are two options:
1. Drop support for https://noisebridge.net altogether (forcing people
to remember to type www and throwing a 404 otherwise)
2. Wait for the cert to expire and drop support for
https://www.noisebridge.net (and renew the cert for
https://noisebridge.net)
or, in less words:
1. Use www
2. Use no-www
Unfortunately, as long as we're using https, we can't easily redirect
a user from one to the other so typing the wrong thing will result in
a 404.
Is it better to show the user an invalid cert warning or a 404?
* = of course the 3rd option could be "this isn't a problem" but
Someone Who Knows More About Security is probably better suited to
make this claim.
-Brian
More information about the Noisebridge-discuss
mailing list